Hello gophers,
The Let’s Encrypt certificate authority is revoking all certificates issued with the TLS-ALPN-01 verification method before 00:48 UTC on 26 January 2022 due to a compliance issue. (Read more
in the Let’s Encrypt announcement.) As TLS-ALPN-01 is the preferred and default verification method used by
golang.org/x/crypto/acme/autocert, most certificates managed by autocert will be revoked beginning at 16:00 UTC on 28 January 2022. This will cause connection errors on some platforms.
We recommend updating the
golang.org/x/crypto module to version v0.0.0-20220126234351-aa10faf2a1f8 (or later), which will automatically renew potentially affected certificates issued before Let’s Encrypt deployed their fix.
Alternatively, delete ALL files in the autocert cache EXCEPT "acme_account+key" or "acme_account.key", and restart the application. If using
autocert.NewListener on Linux, the cache is located at $XDG_CACHE_HOME/golang-autocert or $HOME/.cache/golang-autocert.
In order to get notified of similar issues in the future, we recommend setting the
Manager.Email field.
Cheers,
Go Security team